Openoffice

openoffice

30 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (30)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-2936 1Openoffice 1Openoffice.org Apr 29, 2026 Aug 25, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafte...Show more Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.Show less
CVE-2010-2935 1Openoffice 1Openoffice.org Apr 29, 2026 Aug 25, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of serv...Show more simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."Show less
CVE-2009-3571 1Openoffice 1Openoffice.org Apr 23, 2026 Oct 6, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005,...Show more Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Show less
CVE-2009-3570 1Openoffice 1Openoffice.org Apr 23, 2026 Oct 6, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no ac...Show more Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Show less
CVE-2009-0201 1Openoffice 1Openoffice.org Apr 23, 2026 Sep 2, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "...Show more Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."Show less
CVE-2009-0200 1Openoffice 1Openoffice.org Apr 23, 2026 Sep 2, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to...Show more Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.Show less
CVE-2009-0259 1Openoffice 1Openoffice.org Apr 23, 2026 Jan 22, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that tr...Show more The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.Show less
CVE-2008-4937 1Openoffice 1Openoffice.org Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 2.6 LOW· v2 senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
CVE-2008-2238 1Openoffice 1Openoffice.org Apr 23, 2026 Oct 30, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a...Show more Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.Show less
CVE-2008-2237 1Openoffice 1Openoffice.org Apr 23, 2026 Oct 30, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
CVE-2008-3437 1Openoffice 1Openoffice.org Apr 23, 2026 Aug 1, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS c...Show more OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.Show less
CVE-2008-2366 1Openoffice 1Openoffice Apr 23, 2026 Jun 16, 2008 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current...Show more Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.Show less
CVE-2008-2152 1Openoffice 1Openoffice.org Apr 23, 2026 Jun 10, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based...Show more Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.Show less
CVE-2008-0320 1Openoffice 1Openoffice.org Apr 23, 2026 Apr 17, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryI...Show more Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.Show less
CVE-2007-5746 1Openoffice 1Openoffice.org Apr 23, 2026 Apr 17, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-b...Show more Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.Show less
CVE-2007-5745 1Openoffice 1Openoffice Apr 23, 2026 Apr 17, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute a...Show more Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.Show less
CVE-2007-4575 1Openoffice 1Openoffice Apr 23, 2026 Dec 6, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
CVE-2007-4251 1Openoffice 1Openoffice Apr 23, 2026 Aug 8, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
CVE-2007-0245 1Openoffice 1Openoffice Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable...Show more Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.Show less
CVE-2007-0239 1Openoffice 1Openoffice Apr 23, 2026 Mar 21, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

12 Next